[Bro] bro ids icmp and attack signatures

Mostafa Abdallah. Ammar mostafaammar at aast.edu
Thu May 5 07:42:32 PDT 2016

Dear All,

I am new to bro ids , I installed successfully bro ids , and added a tap to network to it , and for example if I accessed a website on a machine I can see in http.log the website I accessed and if the wqebsite is ssl i can see in ssl.lot and x509.log the certificate info

my question is :

I want when I ping i see a notification for this ping (I tried and could not find)

can I use signatures like snort with bro that generate logs when receiving an attack and generate log with signature ID

Please provide reply with some details as I am new to bro.

Best Regards,

Eng. Mostafa Abdallah Ammar,Msc.
Information Security and Auditing Supervisor
CCIE security #23971
Arab Academy For Science And Technology & maritime Transport
Computer Networks & Data Center (CNDC)
Mobile: 002 01001983674
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160505/a02ffc97/attachment.html 

More information about the Bro mailing list